Case Examples

1

Operational Resilience

Ciara Forde & Kirsten Smith

11 May2019

2

Share real life examples of recent Cyber attacks.

Understand the importance of quickly reporting incidents and why a robust disaster recovery plan is critical.

Aims of presentation

Cyber Attack - Example 1

3

1.Pre disaster

2.During issue

3.Post issue

• What happened?

• What went well?

• Lessons learned

• Preventative measures (i.e. training to staff and extra security).

4

• Relying on third party for backups

• No checks had been undertaken to ‘test’ the back up.

Pre Disaster

• Forensic investigation completed

• Contacted Action Fraud/ICO

• No member data compromised

During Issue

• Staff completed ‘manual’ back up

• Communication with members

• Security measures introduced

Post Issue

• Paying a third party for disaster recovery is not enough

• Testing of systems is crucialLessons

Cyber Attack - Example 2

5

1.Pre disaster

2.During issue

3.Post issue

• What happened?

• What went well?

• Lessons learned

• Preventative measures (i.e. training to staff and extra security).

6

• The CU was unaware that data was compromised 2 months prior to ransomware email.

Pre Disaster

• The CU took immediate action and decided to contact both active and dormant accounts

During Issue

•The proactive and comprehensive comms reduced contact from members

Post Issue

•Being open and transparent reduced panic amongst members

Lessons

Cyber Attack - Example 3

7

1.Pre disaster

2.During issue

3.Post issue

• What happened?

• What went well?

• Lessons learned

• Preventative measures (i.e. training to staff and extra security).

8

• Overview

• Previous cyber incidentsPre Disaster

• The Attack - What happened

• Member experience

• The Credit Unions responseDuring Issue

• Member Communication

• Unaccounted for monies

• Issue with Faster payment system

• Automated Telephone banking system

Post Issue

• Review of cyber security including all IT providers.

• IT providers…..solution or part of the problem

• Creating a secondary replica site

• Staff education

Lessons

9

External Threats

• The internet means that organisations can be targeted by a number of malicious groups.

• They all have their own motives and levels of sophistication.

• You can define the groups in many ways, but broadly they fit into:

• Criminals

• Nation States

• Opportunistic

• Hacktivists

Q. Does a formally documented cyber resilience strategy exist within your Credit Union that is independently assessed?

10

Ask yourself these questions…

Q. Do you regularly perform vulnerability assessments to identify & assess security vulnerabilities in your systems & processes?

Q. Have you designed & tested systems & processes to enable timely recovery of accurate data following a cyber incident? Are desktop exercises used to test people?

Q. Do you educate your staff on cyber security risks?

Q. Do you know how to report an incident?

Outsourcing

11

• Some Credit Unions may not have the necessary resources to build in-house IT departments.

• Outsourcing can have benefits, but it is still important to have sight over the provider.

Is your provider right for you?

12

Do they understand the Credit Union model and the

technologies that you’re using?

Can they develop a comprehensive security plan, suggest polices and

security procedures, disaster recovery and auditing?

What is their response times to incidents?

Responding to a cyber attack

13

As the financial system is highly connected and

reliant on technology it will remain a target for cyber-

attacks.

Cyber-attacks will continue to

occur

How firms respond to these disruptive events

is critical.

Take Aways

14

• In terms of support and help we can provide, this varies from case to case.

• Early notification is key and our Cyber colleagues can assist with any technical questions.

Information to be shared:

1. Network Security - the basics

2. Good Cyber Security - the foundations

3. Ransomware infographic

15